CVE-2011-1900

InduSoft Web Studio <7.0+Patch 1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1900. PoCs published by Unknown, juan vazquez, including Metasploit module auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio's NTWebServer component to read arbitrary files. It sends HTTP requests with traversal sequences to access files and retrieves their contents.

Description

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.

Exploits (1)

metasploit WORKING POC

by Unknown, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/scada/indusoft_ntwebserver_fileaccess.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio's NTWebServer component to read arbitrary files. It sends HTTP requests with traversal sequences to access files and retrieves their contents.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Indusoft WebStudio 6.1 SP6

No auth needed

Prerequisites: Network access to the target's NTWebServer (port 80)

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources x_refsource_confirm

http://www.indusoft.com/hotfixes/hotfixes.php

Scores

EPSS 0.3204

EPSS Percentile 98.1%

Details

CWE

CWE-22

Status published

Products (2)

indusoft/web_studio 6.1

indusoft/web_studio 7.0

Published May 04, 2011

Tracked Since Feb 18, 2026